VERIFICATION METHOD FOR COMPUTER SYSTEM 



Publication number: JP9261218

Publication date: 1997-10-03

Inventor: HAYASHI SEIICHIRO

Applicant: NIPPON TELEGRAPH & TELEPHONE

Classification:

- international: G09C1/00; H04L9/32; G09C1/00; H04L9/32; (IPC1-7): H04L9/32; G09C1/00

- european:

Application number: JP19960072035 19960327
Priority number(s): JP19960072035 19960327






Abstract of JP9261218 

PROBLEM TO BE SOLVED: To allow a system to attain verification of new verification information
generated by a computer without acquisition of certificate information from a verification center.

SOLUTION: A computer 2 generates at first a public key A (11) and transmits verification information
including the public key to a verification center 1 (12). The verification center 1 confirms the public
key A to be a key of the computer 2 based on the verification information (13), generates digital
signature information (verification information) of the public key A (14) and returns the information
to the computer 2 (15). The computer 2 newly generates the public key B (16) and generates
verification preparation information by adding the signature information of the public key A to the
public key B (17); the verification preparation information is encrypted with a secret key A and the
resulting information is sent to a computer 3 (18). The computer 3 decodes the received information
with the public key A to verify that the public key B is that of the computer 2 itself, based on the
signature information in the decoded information.
* NOTICES *

JPO and NCIPI are not responsible for any damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original
precisely.
2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to an information authentication method for
guaranteeing the communications partner in a computing system in which two or more computers and a
computer (authentication center) having the authority function that authenticates each computer are
connected in a network. In detail, it relates to a method by which, when a computer newly creates
authentication information, that information is attested without again acquiring certification
information from the authentication center.
[0002] 

[Description of the Prior Art] Conventionally, in a system that performs digital signature
communication by a public key cryptosystem, when a certain computer added or changed a public key,
certification information such as a digital signature was newly obtained from the authentication center
for the added or changed public key. That is, each time, the authentication center generated, by its own
digital signature, the certification information (equivalent to a certified seal registration) showing
that the public key belongs to that computer.
[0003] 

[Problem(s) to be Solved by the Invention] In the conventional method, whenever a computer adds or
changes a public key or the like, it connects to the authentication center and a digital signature is
generated. That is, because a digital signature that the authentication center generated in the past was
not used effectively for the authentication of other public keys and the like, the computer had to make
a request to the authentication center and receive a digital signature whenever it created a new public
key or the like. The problem was that this increases the burden on the authentication center and on the
computer receiving authentication, and increases traffic.

[0004] The purpose of this invention is to give authentication information such as a new public key the
same guarantee as if it had been attested by the authentication center, without going through the
authentication center, based on the certification information showing that the computer was once
attested by the authentication center.
[0005] 

[Means for Solving the Problem] The authentication method of this invention uses the certification
information once attested by the authentication center. A certain computer 2 adds the certification
information attested by this authentication center to newly created authentication information and
transmits it to another computer 3. The other computer 3 is thereby enabled to attest, based on the
certification information added to the received new authentication information, that the new
authentication information belongs to the computer 2.

[0006] Assume that a computer 2 holds the public key A with a digital signature of the authentication
center as certification already attested by the authentication center. The computer 2 takes the whole of
the following information: the public key A with the digital signature of the authentication center, the
public key B newly added or changed, and information indicating whether the public key B is a
modification or an addition. It enciphers this information, or carries out a digital signature on it,
with the private key A corresponding to the public key A, and transmits it to another computer 3. The
computer 3 decrypts the received information, or verifies its digital signature, with the public key A.
Because the received information was enciphered or digitally signed with the private key A corresponding
to the public key A that is guaranteed by the authentication center, the computer 3 can attest that the
public key B contained in the information is, like the public key A, the computer 2's own public key.
[0007] 

[Embodiment of the Invention] An embodiment of this invention is explained below with reference to the
drawings. Drawing 1 is a block diagram of the system to which this invention applies: two or more
computers 2, 3, and 4 are connected with the authentication center 1 by the channel (network) 5.
Here, it is assumed that each of the computers 2, 3, and 4 performs digital signature communication by
the public key cryptosystem.

[0008] Drawing 2 shows the authentication procedure for a public key according to this invention. Here,
a computer 3 attests that a public key which a computer 2 newly changes or adds belongs to this
computer 2.

[0009] <Example 1> In this example, the computer 2 takes as authentication preparation information the
public key A with a digital signature of the authentication center 1, the public key B newly added or
changed, and information which shows whether this public key B is a modification or an addition. The
computer 2 enciphers this authentication preparation information with the private key A corresponding to
the public key A and transmits it to a computer 3; the computer 3 decodes the enciphered authentication
preparation information with the public key A and attests that the public key B belongs to the
computer 2. Hereafter, this example is explained based on drawing 2.

[0010] Step 1: Authentication of the public key A by the authentication center. The computer 2
transmits, by processing 12, authentication information about the public key A <KpA> created by
processing 11 to the authentication center 1. Here, in addition to the public key A <KpA>, the
information <ID> which guarantees the identity of the computer 2 is included in the authentication
information transmitted to the authentication center 1 by processing 12. The authentication center 1
confirms, by processing 13, that the public key A really belongs to the computer 2, based on the
authentication information transmitted by processing 12. Then, by processing 14, it combines the public
key A <KpA>, the authentication information <ID> of the computer 2, and the authentication center 1's
term information <TIME> into the information <KpA|TIME|ID>, carries out a digital signature on it with
the private key <KsCA> of this authentication center 1 to generate the signature information
<SKsCA(KpA|TIME|ID)>, and transmits it to the computer 2 by processing 15.

SY(XXX): Digital signature on XXX with a private key Y.
a|b: a and b are connected.
[0011] Step 2: Creation of the information which guarantees the new public key B. The computer 2
creates the public key B <KpB> by processing 16, and further creates the flag information which shows
whether the public key B is an addition or a modification. In processing 17, the authentication
information <ID> is combined with the information created by processing 16, the digital signature
<SKsCA(KpA|TIME|ID)> by the authentication center 1 on the public key A generated at step 1 is further
added, and the authentication preparation information <KpB|ID, SKsCA(KpA|TIME|ID)> is created. This
authentication preparation information is enciphered with the private key A <KsA> corresponding to the
public key A, and the computer 2 transmits the encryption information
<EKsA(KpB|ID, SKsCA(KpA|TIME|ID))> to a computer 3 by processing 18.

EY(XXX): Encipher XXX with a private key Y.

[0012] Step 3: Authentication of the new public key B by another computer. By processing 19, the
computer 3 decrypts the encryption information transmitted by the computer 2 by processing 18 with the
public key A <KpA> of the computer 2. Namely,
<DKpA(EKsA(KpB|ID, SKsCA(KpA|TIME|ID)))> = <KpB|ID, SKsCA(KpA|TIME|ID)>.
Among the decrypted information, the digital signature <SKsCA(KpA|TIME|ID)> of the authentication
center 1 on the public key A is verified with the public key <KpCA> of the authentication center 1.
When verification passes and, further, the authentication information <ID> is in agreement with the
computer 2, the public key B is attested as a public key of the computer 2.

DY(XXX): Decrypt XXX with a public key Y.

[0013] <Example 2> In this example, the computer 2 takes as authentication preparation information the
public key A with a digital signature of the authentication center 1, the public key B newly added or
changed, and information which shows whether this public key B is a modification or an addition. The
signature information obtained by carrying out a digital signature on this authentication preparation
information with the private key A is transmitted to a computer 3 together with the authentication
preparation information, and the computer 3 verifies the digital signature of the authentication
preparation information with the public key A of the computer 2 and attests that the public key B
belongs to the computer 2.
[0014] Step 1: Authentication of the public key A by the authentication center. This is the same as in
Example 1.

[0015] Step 2: Creation of the information which guarantees a new public key. This is the same as in
Example 1 up to the point where the computer 2 creates the authentication preparation information by
processing 17. The computer 2 transmits to a computer 3, by processing 18, the signature information
<SKsA(KpB|ID, SKsCA(KpA|TIME|ID))>, obtained by carrying out a digital signature on the created
authentication preparation information <KpB|ID, SKsCA(KpA|TIME|ID)> with the private key A <KsA>,
together with the authentication preparation information <KpB|ID, SKsCA(KpA|TIME|ID)>.
[0016] Step 3: Authentication of the new public key by another computer. By processing 19, the
computer 3 verifies the digital signature <SKsA(KpB|ID, SKsCA(KpA|TIME|ID))> of the authentication
preparation information transmitted from the computer 2 by processing 18 with the public key A <KpA> of
the computer 2. Furthermore, the digital signature <SKsCA(KpA|TIME|ID)> of the authentication center 1
on the public key A is verified with the public key <KpCA> of the authentication center 1. When
verification passes and, further, the authentication information <ID> is in agreement with the
computer 2, the public key B <KpB> is attested as a public key of the computer 2.
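
The Example 2 exchange (Steps 1 to 3) as an added Python sketch; it is not part of the patent. Textbook RSA over fixed Mersenne primes stands in for the unspecified public key cryptosystem and is not secure. The function names, the length-prefixed encoding of a|b, the sample values, and the reading of <TIME> as an expiry date checked by the computer 3 are assumptions, and the computer 3 is assumed to already hold <KpA>, <TIME> and <ID> for the computer 2.

```python
import hashlib

E = 65537  # public exponent used by every toy key

def keypair(a, b):
    """Toy textbook-RSA key from Mersenne primes 2^a-1 and 2^b-1 (demo only, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus Kp, private exponent Ks)

def encode(*fields):
    """a|b from the patent, made unambiguous with 4-byte length prefixes (assumption)."""
    out = b""
    for f in fields:
        if isinstance(f, int):
            f = f.to_bytes((f.bit_length() + 7) // 8, "big")
        out += len(f).to_bytes(4, "big") + f
    return out

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):           # SY(XXX): digital signature on XXX with private key Y
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

def center_certify(kp_a, time, ident, kp_ca, ks_ca):
    """Step 1 (processing 14): the center signs <KpA|TIME|ID>."""
    return sign(encode(kp_a, time, ident), kp_ca, ks_ca)

def announce(kp_b, ident, cert, kp_a, ks_a):
    """Step 2 (processing 17-18): sign <KpB|ID, cert> with private key A."""
    return kp_b, ident, cert, sign(encode(kp_b, ident, cert), kp_a, ks_a)

def accept(msg, kp_a, time, peer_id, kp_ca, today):
    """Step 3 (processing 19): return KpB if every check passes, else None."""
    kp_b, ident, cert, sig = msg
    ok = (verify(encode(kp_a, time, ident), cert, kp_ca)     # center vouches for KpA and ID
          and verify(encode(kp_b, ident, cert), sig, kp_a)   # holder of KsA vouches for KpB
          and ident == peer_id                               # ID agrees with computer 2
          and today <= time)                                 # assumption: TIME is an expiry date
    return kp_b if ok else None

# Constructed sample keys and values
KP_CA, KS_CA = keypair(521, 607)
KP_A, KS_A = keypair(127, 107)
KP_B, _ = keypair(89, 61)
KP_X, KS_X = keypair(127, 89)        # a key the center never certified
CERT = center_certify(KP_A, b"1998-03-27", b"computer-2", KP_CA, KS_CA)
MSG = announce(KP_B, b"computer-2", CERT, KP_A, KS_A)
```

A successful result shows only that the holder of private key A endorsed public key B, so the guarantee is no stronger than the secrecy of private key A and lasts no longer than the center's signature on public key A.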
[0017] 

[Effect of the Invention] As explained above, according to the authentication method of this invention,
once a computer has received authentication from the authentication center, a new public key can be
guaranteed without receiving authentication from the authentication center at every subsequent
modification or addition of a public key. For this reason, the burden on the authentication center and
on the computer which creates a new public key and receives authentication, and the burden of traffic,
are mitigated.
CLAIMS



[Claim(s)] 

[Claim 1] An authentication method for a computing system in which two or more computers and a computer
having the authority function that authenticates each computer (henceforth an authentication center) are
connected in a network, characterized in that a certain computer adds, to new authentication information
which the computer concerned created, the certification information which guarantees that it was
attested by the authentication center, and transmits it to other computers, and the other computers
attest, based on the certification information added to the received new authentication information of
said computer, that the new authentication information belongs to said computer.

[Claim 2] The authentication method of a computing system according to claim 1, in a system in which
each computer is equipped with the functions of generating a digital signature and verifying a signature
by the public key cryptosystem, wherein a certain computer takes as authentication preparation
information the public key A with a digital signature, on which the digital signature was carried out by
the authentication center, a public key B different from said public key A, and identification
information which discriminates whether said public key B is a modification of the public key A or an
addition; said authentication preparation information is enciphered with the private key A
corresponding to the public key A, and the enciphered authentication preparation information is
transmitted to other computers; and said other computers decode said received enciphered authentication
preparation information with the public key A and, based on the decoded authentication preparation
information, attest that said public key B is a public key of said computer which the authentication
center attested.

[Claim 3] The authentication method of a computing system according to claim 1, in a system in which
each computer is equipped with the functions of generating a digital signature and verifying a signature
by the public key cryptosystem, wherein a certain computer takes as authentication preparation
information the public key A with a digital signature, on which the digital signature was carried out by
the authentication center, a public key B different from said public key A, and identification
information which discriminates whether said public key B is a modification of the public key A or an
addition; the signature information obtained by carrying out a digital signature on this authentication
preparation information with the private key A, and the authentication preparation information, are
transmitted to other computers; and said other computers verify the signature information of said
received authentication preparation information with the public key A and attest that said public key B
is a public key of said computer which the authentication center attested.


